Broadcom released Latest VMware Security Updates to Fix Critical Vulnerabilities (July-2025)
Introduction
Broadcom issued a critical security advisory, VMSA-2025-0013, on 15th July 2025 to fix several vulnerabilities reported in VMware products.
These vulnerabilities affect VMware ESXi, Workstation, Fusion, and even VMware Tools. Updates are now available to remediate them.
Impacted Products
- VMware Cloud Foundation
- VMware Fusion
- VMware Telco Cloud Infrastructure
- VMware Telco Cloud Platform
- VMware vSphere ESXi
- VMware vSphere Foundation
- VMware Workstation
The bugs carry CVSS scores of up to 9.3, are classified Critical, and could let a malicious user inside a guest VM escape to the host and run code on the underlying servers.
Key Vulnerabilities and Descriptions
- VMXNET3 Integer Overflow (CVE-2025-41236) – A bug in the VMXNET3 virtual network adapter connected to virtual machines can be triggered by an attacker with admin access inside a VM. Exploiting it could let the attacker execute code on the host machine. Non-VMXNET3 virtual adapters are not affected.
Severity: Critical
CVSSv3 Score: 9.3
Fix Patch: Apply patches for CVE-2025-41236 as listed in the Response Matrix.
Workarounds: No Workaround
- VMCI Integer Underflow (CVE-2025-41237) – A bug in the VMCI (Virtual Machine Communication Interface) can cause an out-of-bounds write. Attackers could abuse this to run code as the host’s VMX process. On ESXi this is confined to the VM sandbox, but on Workstation/Fusion it can compromise the host OS.
Severity: Critical
CVSSv3 Score: 9.3
Fix Patch: Apply patches for CVE-2025-41237 as listed in the Response Matrix.
Workarounds: None
- PVSCSI Heap Overflow (CVE-2025-41238) – An overflow in the paravirtual SCSI storage controller driver, which likewise may allow a privileged user to execute code on the ESXi host.
Severity: Critical
CVSSv3 Score: 9.3
Fix Patch: Apply patches for CVE-2025-41238 as listed in the Response Matrix.
Workarounds: None
- VSockets Information Leak (CVE-2025-41239) – An information-disclosure bug in VMware’s vSockets channel, which is used for host-guest communication. It can leak uninitialized memory contents from host processes into the VM. This issue is less severe (CVSS 7.1, “Important” range) but still affects ESXi, Workstation, Fusion, and VMware Tools.
Severity: Important
CVSSv3 Score: 7.1
Fix Patch: Apply patches for CVE-2025-41239 as listed in the Response Matrix.
Workarounds: None
Impacted Versions and Remediation Patches
- VMware Cloud Foundation Impacted Versions: 4.5.x, 5.x ⇒ Fix Patch Version: ESXi80U3f-24784735
- ESXi Impacted Versions: 7.0, 8.0 ⇒ Fix Patch Versions: ESXi80U3f-24784735, ESXi70U3w-24784741
- VMware Workstation Impacted Version: 17.x ⇒ Fix Patch Version: 17.6.4
- VMware Fusion Impacted Version: 13.x ⇒ Fix Patch Version: 13.6.4
- VMware Tools Impacted Versions: 11.x.x, 12.x.x, 13.x.x (Windows) ⇒ Fix Patch Version: 13.0.1
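The list above can be turned into an inventory check. The following is an added example, not code from Broadcom or from this blog: it compares each inventory row against the fixed builds and versions listed above. The `assess` and `parse_version` names, the row format and the sample rows are assumptions, and it assumes ESXi build numbers only increase within one release line.

```python
import re

# Fixed ESXi builds per release line, copied from the list above.
ESXI_FIXED_BUILD = {"8.0": 24784735, "7.0": 24784741}
# product -> (impacted major versions, first fixed version), from the list above.
FIXED = {
    "workstation": ((17,), (17, 6, 4)),
    "fusion": ((13,), (13, 6, 4)),
    "tools": ((11, 12, 13), (13, 0, 1)),  # VMware Tools for Windows
}
# Version banner in the style printed by `vmware -v` on an ESXi host.
ESXI_RE = re.compile(r"VMware ESXi (\d+\.\d+)(?:\.\d+)* build-(\d+)")

def parse_version(text):
    """'17.6' -> (17, 6, 0); only the first three components are compared."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(product, value):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    product = product.lower()
    if product == "esxi":
        m = ESXI_RE.search(value)
        if not m or m.group(1) not in ESXI_FIXED_BUILD:
            return "unknown"  # unparseable, or a release line not listed above
        # Assumption: build numbers only increase within one release line.
        fixed = ESXI_FIXED_BUILD[m.group(1)]
        return "patched" if int(m.group(2)) >= fixed else "vulnerable"
    if product not in FIXED:
        return "unknown"
    majors, fixed = FIXED[product]
    try:
        version = parse_version(value)
    except ValueError:
        return "unknown"
    if version[0] not in majors:
        return "unknown"  # release line not listed above
    return "patched" if version >= fixed else "vulnerable"

# Constructed sample inventory (not real hosts).
SAMPLE = [
    ("esxi", "VMware ESXi 8.0.3 build-24784735"),
    ("esxi", "VMware ESXi 7.0.3 build-23000000"),
    ("workstation", "17.6.3"),
    ("tools", "12.5.0"),
]
if __name__ == "__main__":
    for product, value in SAMPLE:
        print(f"{assess(product, value):10}  {product:12} {value}")
```

Rows reported as `unknown` are on a release line the list above does not cover and need a manual look at the Response Matrix.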
Impacted Products and Updates
The advisory affects a wide range of VMware products. Impacted software includes VMware Cloud Foundation, vSphere ESXi, Workstation Pro 17.x, Fusion 13.x, VMware Tools, and VMware Telco Cloud components. In short, if you run VMware virtualization in any form, you are likely affected. Broadcom has published fixed software builds for all these cases.
Visit Broadcom’s support portal to review the full Response Matrix listing fixed versions. Because these vulnerabilities are so serious, plan to install the patches immediately to remediate each CVE.
Apply the patches listed in the ‘Fixed Version’ column. No hotfix or workaround exists, so delaying updates leaves systems exposed.
Conclusion
These vulnerabilities affect a wide range of products (e.g., ESXi 7.0 and 8.0, Workstation, Fusion, and Tools). Unpatched VMware vSphere environments could let attackers escalate privileges and execute code on production servers, which means potential data breaches or service disruptions. Applying the fix patches is the only way to close these holes.